Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
4-24
Cisco IronPort AsyncOS 7.6 for Email Daily Management Guide
OL-25138-01
Chapter 4 Quarantines
Configuring the Cisco IronPort Spam Quarantines Feature
Configuring End User Quarantine Access
To allow end users to access the Cisco IronPort Spam quarantine directly (without requiring a
notification): click Edit in the Settings column for the IronPort Spam Quarantine on the Monitor ->
Quarantines page. The Edit IronPort Spam Quarantine page is displayed.
notification): click Edit in the Settings column for the IronPort Spam Quarantine on the Monitor ->
Quarantines page. The Edit IronPort Spam Quarantine page is displayed.
Step 1
Check the checkbox labeled Enable End-User Quarantine Access. Administrator users can still access
the quarantine, regardless of whether the box is checked.
the quarantine, regardless of whether the box is checked.
Figure 4-17
Editing IronPort Spam Quarantine Access Settings
Step 2
Specify whether or not to display message bodies before messages are released. If this box is checked,
users may not view the message body via the Cisco IronPort Spam quarantine page. Instead, to view a
quarantined message’s body users must release the message and view it in their mail application
(Outlook, etc.). This is especially relevant to compliance issues where all viewed email must be archived.
users may not view the message body via the Cisco IronPort Spam quarantine page. Instead, to view a
quarantined message’s body users must release the message and view it in their mail application
(Outlook, etc.). This is especially relevant to compliance issues where all viewed email must be archived.
Step 3
Specify the method you would like to use to authenticate end-users when they attempt to view their
quarantine directly via web browser (not via the email notification). You may use either Mailbox or
LDAP authentication.
quarantine directly via web browser (not via the email notification). You may use either Mailbox or
LDAP authentication.
Note that you can allow end user access to the Cisco IronPort Spam quarantine without enabling
authentication. In this case, users can access the quarantine via the link included in the notification
message and the system does not attempt to authenticate the user. If you want to enable end user
access without authentication, select None in the End-User Authentication dropdown menu.
authentication. In this case, users can access the quarantine via the link included in the notification
message and the system does not attempt to authenticate the user. If you want to enable end user
access without authentication, select None in the End-User Authentication dropdown menu.
LDAP Authentication: If you do not have an LDAP server or an active end user authentication
query set up, click the System Administration > LDAP link to configure your LDAP server
settings and end user authentication query string. For information about configuring LDAP
authentication, see “LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
query set up, click the System Administration > LDAP link to configure your LDAP server
settings and end user authentication query string. For information about configuring LDAP
authentication, see “LDAP Queries” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Mailbox Authentication: For sites without an LDAP directory to use for authentication, the
quarantine can also validate user’s email addresses and passwords against and standards-based
IMAP or POP server that holds their mailbox. When logging in to the web UI, the users enter their
full email address and mailbox password, and the quarantine uses this to attempt to log in to the
mailbox server as that user. If the login is successful, the user is authenticated and the quarantine
then immediately logs out and no changes are made to the user’s inbox. Using mailbox
authentication works well for sites that do not run an LDAP directory, but mailbox authentication
can not present a user with messages that may have been bound for an email alias.
quarantine can also validate user’s email addresses and passwords against and standards-based
IMAP or POP server that holds their mailbox. When logging in to the web UI, the users enter their
full email address and mailbox password, and the quarantine uses this to attempt to log in to the
mailbox server as that user. If the login is successful, the user is authenticated and the quarantine
then immediately logs out and no changes are made to the user’s inbox. Using mailbox
authentication works well for sites that do not run an LDAP directory, but mailbox authentication
can not present a user with messages that may have been bound for an email alias.
Select the type (IMAP or POP). Specify a server name and whether or not to use SSL for a secure
connection. Enter a port number for the server. Supply a domain (example.com, for example) to
append to unqualified usernames.
connection. Enter a port number for the server. Supply a domain (example.com, for example) to
append to unqualified usernames.
If the POP server advertises APOP support in the banner, then for security reasons (i.e., to avoid
sending the password in the clear) the Cisco IronPort appliance will only use APOP. If APOP is not
supported for some or all users then the POP server should be reconfigured to not advertise APOP.
sending the password in the clear) the Cisco IronPort appliance will only use APOP. If APOP is not
supported for some or all users then the POP server should be reconfigured to not advertise APOP.
Step 4
Submit and commit your changes.